[Bug 211706] New: Can't join an ADS with YaST samba-client module due missing realm
https://bugzilla.novell.com/show_bug.cgi?id=211706 Summary: Can't join an ADS with YaST samba-client module due missing realm Product: openSUSE 10.2 Version: Alpha 5 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: jsuchome@novell.com ReportedBy: anschneider@novell.com QAContact: jsrain@novell.com CC: rhafer@novell.com, gdeschner@novell.com If you want to join a ADS you get an error message, that samba could not find the default realm for kinit. It works just fine if you do it manually. (kinit, net ads join) YaST log follows as attachement -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=211706 ------- Comment #1 from anschneider@novell.com 2006-10-11 12:01 MST ------- Created an attachment (id=101247) --> (https://bugzilla.novell.com/attachment.cgi?id=101247&action=view) YaST2 log file -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=211706 jsuchome@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |anschneider@novell.com ------- Comment #2 from jsuchome@novell.com 2006-10-12 02:03 MST ------- And what is your correct realm? What does "net ads info -S $server" (where $server is your AD server) report? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=211706 ------- Comment #3 from anschneider@novell.com 2006-10-12 02:34 MST ------- krikkit:~ # net ads info -S g234.suse.de Failed to get server's current time! LDAP server: 10.10.103.234 LDAP server name: sbs2003.SBS-TEST.site Realm: SBS-TEST.SITE Bind Path: dc=SBS-TEST,dc=SITE LDAP port: 389 Server time: Thu, 01 Jan 1970 01:00:00 CET KDC server: 10.10.103.234 Server time offset: 0 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=211706 ------- Comment #4 from jsuchome@novell.com 2006-10-12 02:57 MST ------- According to the logs, yast2-samba-client tried to use SBS-TEST.SITE. Maybe your configuration is wrong. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=211706 ------- Comment #5 from anschneider@novell.com 2006-10-12 03:41 MST ------- Which configuration. The yast2-samba-client creates its own samba and kerberos configuration. If I set up a configuration manually and join the domain with the command line tools, it works just fine. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=211706 ------- Comment #6 from jsuchome@novell.com 2006-10-12 04:30 MST ------- Created an attachment (id=101291) --> (https://bugzilla.novell.com/attachment.cgi?id=101291&action=view) patch for /usr/share/YaST2/modules/SambaNetJoin.pm Please patch your /usr/share/YaST2/modules/SambaNetJoin.pm, run yast2-samba-client again and when (during the join) the popup opens, fetch the temporary krb.conf file (found on the location popup tells about) and attach it to the bug. (The file is removed after YaST module is finished). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=211706 ------- Comment #7 from anschneider@novell.com 2006-10-12 06:47 MST ------- Yes, the default_realm is missing. Fix follows as attachment. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=211706 ------- Comment #8 from anschneider@novell.com 2006-10-12 06:48 MST ------- Created an attachment (id=101304) --> (https://bugzilla.novell.com/attachment.cgi?id=101304&action=view) Patch for SambaNetJoin Yast2 Module -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=211706 jsuchome@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Info Provider|anschneider@novell.com |gdeschner@novell.com ------- Comment #9 from jsuchome@novell.com 2006-10-12 06:54 MST ------- Well, but isn't this a bug? Why should krb.conf need to containe "default_realm" key when it already provides the "realm" and the value is the same? It worked before, so I wonder if something has changed in samba tools or if you have non-standard environment. Guenther, could you comment? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=211706 jsuchome@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lmuelle@novell.com ------- Comment #10 from jsuchome@novell.com 2006-10-23 02:27 MST ------- Guenther, Lars, please comment. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=211706 gdeschner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|jsuchome@novell.com |gdeschner@novell.com Status|NEEDINFO |ASSIGNED Info Provider|gdeschner@novell.com | ------- Comment #11 from gdeschner@novell.com 2006-10-24 03:58 MST ------- Yes, the new join code in 3.0.23c changes things. We have a patch to allow to define the realm as part of the username, so that yast can join like net ads join -U administrator@MY.REALM%password Digging that up, hold on. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=211706 gdeschner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |anschneider@novell.com ------- Comment #12 from gdeschner@novell.com 2006-10-24 06:01 MST ------- Test package is at: http://w3.suse.de/~gd/samba-join-fix/ Jiri, Andreas, could you please have a look? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=211706 ------- Comment #13 from gdeschner@novell.com 2006-10-24 09:18 MST ------- Now packages live at: http://w3.suse.de/~gd/samba-join-fix-i386 or http://w3.suse.de/~gd/samba-join-fix-x86_64/ -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=211706 ------- Comment #14 from jsuchome@novell.com 2006-10-25 06:05 MST ------- Do I understand it right? Does yast2-samba-client really have to change the way it calls the join command (comment #11)? Currently, the realm is given in the temporary krb5.conf file and the join command looks like "KRB5_CONFIG=$tmp_krb_file net ads join -U administrator%password). AFAIK the problem Andreas pointed out that when krb.conf file doesn't contain "default_realm" key (while it _does_ contains the "realm"!) This is change from previous versions (see comment #9) - couldn't it be just fixed back, so the "default_realm" is not needed when "realm" is present? If you really want to change the join command to include the realm, is the temporary krb.conf file still necessary? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=211706 gdeschner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Info Provider|anschneider@novell.com |gdeschner@novell.com ------- Comment #15 from gdeschner@novell.com 2006-10-26 12:53 MST ------- (In reply to comment #14)
Do I understand it right? Does yast2-samba-client really have to change the way it calls the join command (comment #11)?
No, but we needed to handle the case that you don't.
Currently, the realm is given in the temporary krb5.conf file and the join command looks like "KRB5_CONFIG=$tmp_krb_file net ads join -U administrator%password). AFAIK the problem Andreas pointed out that when krb.conf file doesn't contain "default_realm" key (while it _does_ contains the "realm"!) This is change from previous versions (see comment #9) - couldn't it be just fixed back, so the "default_realm" is not needed when "realm" is present?
It should be fixed by now, but I need to do some more testing myself.
If you really want to change the join command to include the realm, is the temporary krb.conf file still necessary?
Let me check. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=211706 gdeschner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|gdeschner@novell.com | ------- Comment #16 from gdeschner@novell.com 2006-10-27 07:36 MST ------- having the temp. krb5.conf is still correct. no change required in that regard. With our currently committed samba package (apart from your very recent join fix in bug #215645) the joining was successful for me again. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=211706 jsuchome@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED ------- Comment #17 from jsuchome@novell.com 2006-10-27 07:41 MST ------- So I assume the problem is fixed in samba tools and no change in YaST needs to be done for this issue. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com